Abuse ACL access over groups
Use access rights over a group to add users
Use access rights over a group to add users
Use access rights over a user to take over that user account.
Abuse of ACL access rights to achieve lateral movement
Enumerate and compromise networks running Microsoft Active Directory
Abuse Active Directory Certificate Service to achieve lateral movement and total domain compromise.
Take advantage of users with no Kerberos pre-authentication requirements and recover their password
Get a full view of the domain after obtaining a set a credentials
Enumerate users and groups within an Active Directory domain
Request certificate as another user with enrollee-supplied subject
Request certificate on behalf of another user with a enrollment agent certificate
Leverage vulnerable certificate access control to escalate privileges.
Read the NT password hash of Group Managed Service Accounts (gMSA)
What do I have to do to get my first set of domain credentials?
Enumeration of AD domain without credentials
The classic AD privilege escalation technique to crack the passwords of service accounts offline
Abusing the ticket-based authentication and authorization protocol that governs the operation of Active Directory
Move from account to account, service to service, and machine to machine while escalating your privileges until you compromise the domain.
Poison multicast name resolution protocols for NetNTLM hashes
Impersonate any user to a service by crafting service tickets
SMB Relay Attack
Collect and analyze domain data with Bloodhound CE